Ech0raix malware


Solved by Danila T.

I have a Thecus N8800Pro v2 NAS that has been hit with a ransomware apparently called Ech0raix. I have searched widely for any information I can find about it and it seems very vague. The version of Ech0raix I’ve encountered is new where decryption tools available do not apply. Fortunately I have a backup and will not pay the ransom.

My question or dilemma is that I cannot find the source or know what to look for to ensure the malware is eradicated. I don't know if this ransomware is new enough that information is not available or if I'm missing something in my searches. How can I be sure this will not begin encrypting again?

Here is what I know:

  1. the ransomware only encrypts doc, docx, xls, xlsx, pdf, and jpg type files.
  2. it has only (so far) encrypted my Linux based NAS, no PCs that I am aware of in our company have been hit and all are protected by KES 11.x
  3. KES registers all NAS files clean
  4. the ransomware leaves this file: README_FOR_DECRYPT.txtt which contains: All your data has been locked(crypted).
    How to unlock(decrypt) instruction located in this TOR website: http://veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion/order/1PbAi22vam4Lt1e3gn4sSLiQbRetPX2KYK
    Use TOR browser for access .onion websites.
    https://duckduckgo.com/html?q=tor+browser+how+to

Any help with this topic is greatly appreciated!

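A triage check built from the indicators listed in the post above, added here as an example and not part of the original thread: it walks a mounted copy of the share, reports every ransom note named README_FOR_DECRYPT.txtt, and flags files with the listed extensions whose first bytes no longer match their format. It assumes affected files keep their original extension; the signature table and the `scan` function are this example's own.

```python
import os

NOTE_NAME = "README_FOR_DECRYPT.txtt"  # ransom note name quoted in the post

# Leading bytes each targeted format normally starts with (well-known signatures).
# Assumption: a file that was encrypted in place no longer starts with them.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAGIC = {
    ".doc": (OLE2,), ".xls": (OLE2,),
    ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",),
    ".pdf": (b"%PDF-",),
    ".jpg": (b"\xff\xd8\xff",),
}


def scan(root):
    """Walk root; return (ransom_notes, files_with_unexpected_header)."""
    notes, suspect = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == NOTE_NAME:
                notes.append(path)
                continue
            sigs = MAGIC.get(os.path.splitext(name)[1].lower())
            if sigs is None:
                continue  # not one of the file types listed in the post
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                suspect.append(path)  # unreadable: report for manual review
                continue
            # Empty files are skipped; anything else must start with a known signature.
            if head and not head.startswith(sigs):
                suspect.append(path)
    return sorted(notes), sorted(suspect)


if __name__ == "__main__":
    import sys
    notes, suspect = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in notes:
        print("NOTE    ", p)
    for p in suspect:
        print("SUSPECT ", p)
    sys.exit(1 if notes or suspect else 0)
```

Running it on a schedule and comparing results between runs shows whether new notes or damaged files keep appearing after cleanup. A legitimate file saved under the wrong extension (for example RTF content named .doc) will also be flagged, so treat the list as a starting point for review.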

  • 1 month later...

All your data has been locked(crypted).
How to unlock(decrypt) instruction located in this TOR website: http://veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion/order/19DoK59UHkFt5uWDPCpRegiX2EgAXL5g1S
Use TOR browser for access .onion websites.
https://duckduckgo.com/html?q=tor+browser+how+to


  • 3 weeks later...
  • Solution

Hello,

This malware is executed on the QNAP NAS devices and our products are not involved in the protection from this malware or its remediation.
We advise the victims to contact technical support of the NAS vendor regarding issues with this malware.
Additionally we may cite the advice published by the vendor: https://www.qnap.com/en/how-to/faq/article/what-should-i-do-when-found-nas-is-encrypting-my-files-by-7z 


Hello,

This malware is executed on the QNAP NAS devices and our products are not involved in the protection from this malware or its remediation.
We advise the victims to contact technical support of the NAS vendor regarding issues with this malware.
Additionally we may cite the advice published by the vendor: https://www.qnap.com/en/how-to/faq/article/what-should-i-do-when-found-nas-is-encrypting-my-files-by-7z 


What does 7z have to do with this?


This topic is now closed to further replies.